??? It??™s relatively easy to spoof IP addresses.
These two faults led to the development of magic cookies (Section 13.9).
13.9 xauth and Magic Cookies
X provides a simple shared-secret access control protocol known as MIT-MAGICCOOKIE-
1.
Magic cookies or tokens are simply secret numbers. If a client attempting to connect
to an X server knows the correct magic cookie value, it is permitted to connect; if it
doesn??™t have the right number, the connection is denied.
Magic cookies are stored in the file ~/.Xauthority and are cross-referenced to particular
displays. This file is stored in a binary format and cannot be usefully viewed as
text.
When a local client is executed, it takes the target displayspec, cross-references that
against the ~/.Xauthority file to get the appropriate magic cookie, and then presents
that magic cookie to the server. If the permission mode on the ~/.Xauthority file
allows reading only by the owner, then other users on the local machine will not be
able to read the token value and connect to the X server.
The xauth command is used to manipulate the ~/.Xauthority file; it can operate interactively,
accepting commands one-at-a-time from a user, or commands can be given
as arguments.
Pages:
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284